Abstract

Modifications of the Markovski quasigroup based crypto-algorithm have been proposed. Some of
these modifications are based on systems of orthogonal n-ary groupoids. Stream ciphers based
on T-quasigroups have been constructed.
1 Introduction



1.1 Preliminaries 

This paper is an extended variant and a continuation of the paper [12]. Information on quasigroups
and n-ary quasigroups can be found in [IHl [13] [TU [52], and on ciphers in (l3l[35]. Some applications
of quasigroups in cryptology are described in [20] EB SHI [30] [56].

Two main elementary methods of ciphering information are known.

(i) Symbols in a plaintext (or in a piece (bit) of it) are permuted by some law. One of the first
known ciphers of this kind is the "Scytale" cipher (Sparta, 2500 years ago).

(ii) All symbols in a fixed alphabet are replaced, by some law, with other letters of this alphabet. One
of the first ciphers of this kind was Caesar's cipher ($x \mapsto x + 3$ for any letter of the Latin alphabet, for
example $a \mapsto d$, $b \mapsto e$ and so on).

In many contemporary ciphers (DES, the old Russian GOST, Blowfish [HI [23]) methods (i) and
(ii) are used with some modifications. Therefore, permutations and substitutions are the main elementary
cryptographical procedures.

What does the use of quasigroups in cryptography give us? It gives the same permutations and
substitutions, but ones that are easily generated, do not require much device memory, and act "locally"
on only one block of a plaintext.

"Stream ciphers are an important class of encryption algorithms. They encrypt individual characters
(usually binary digits) of a plaintext message one at a time, using an encryption transformation
which varies with time.

By contrast, block ciphers tend to simultaneously encrypt groups of characters of a plaintext 
message using a fixed encryption transformation. Stream ciphers are generally faster than block 
ciphers in hardware, and have less complex hardware circuitry. 

They are also more appropriate, and in some cases mandatory (e.g., in some telecommunications 
applications), when buffering is limited or when characters must be individually processed as they are 
received. Because they have limited or no error propagation, stream ciphers may also be advantageous 
in situations where transmission errors are highly probable" [43].

Stream ciphers based on quasigroups and their parastrophes were discovered at the end of the
XX-th century [SB [Ml E].

Often, when enciphering a block (a letter) $B_i$ of a plaintext, the previous ciphered block $C_{i-1}$ is used.
Notice that Horst Feistel was one of the first who proposed such a method of encryption (Feistel net)

12H]- 

It is clear that in the construction of a stream cipher it is impossible to use method (i) (see
above). But it is possible to use method (ii) and the Feistel schema. Of course, these are not the
only possible methods.

1.2 Basic definitions 

We give some definitions. A where m, n are natural numbers and m < n,

will be denoted by x^. If m > n, then will be considered empty. The sequence x, . . . , x (k times)
will be denoted by x^. The expression $\overline{1, n}$ designates the set {1, 2, ..., n} of natural numbers [13].

A non-empty set Q together with an n-ary operation $A : Q^n \to Q$, n > 2, is called an n-groupoid
and it is denoted by (Q, A).

It is convenient to define an n-ary quasigroup in the following manner.

Definition 1. An n-ary groupoid (Q, A) with n-ary operation A such that in the equality
$A(x_1, x_2, \dots, x_n) = x_{n+1}$ the knowledge of any n elements from the elements
$x_1, x_2, \dots, x_n, x_{n+1}$ uniquely specifies the remaining one is called an n-ary quasigroup [13].

From Definition 1 it follows [101 IS21 ES] that any quasigroup (Q, A) defines a further ((n + 1)! − 1)
n-quasigroups, the so-called parastrophes of the quasigroup (Q, A).

In the binary case any quasigroup (Q, A) defines five further quasigroups, namely $(Q, {}^{(12)}A)$,
$(Q, {}^{(13)}A)$, $(Q, {}^{(23)}A)$, $(Q, {}^{(123)}A)$, $(Q, {}^{(132)}A)$. See [ini [521 155] for details.

We give the classical equational definition of a binary quasigroup.

Definition 2. A binary groupoid (Q, A) is called a binary quasigroup if on the set Q there exist
operations ${}^{(13)}A$ and ${}^{(23)}A$ such that in the algebra $(Q, A, {}^{(13)}A, {}^{(23)}A)$ the following
identities are fulfilled:

$A({}^{(13)}A(x, y), y) = x$, (1)

${}^{(13)}A(A(x, y), y) = x$, (2)

$A(x, {}^{(23)}A(x, y)) = y$, (3)

${}^{(23)}A(x, A(x, y)) = y$. (4)

By tradition the operation A is denoted by $\cdot$, ${}^{(23)}A$ by $\backslash$ and ${}^{(13)}A$ by $/$.

It is possible to give an equational definition of an n-ary quasigroup as a generalization of Definition 2.
We follow [I31I50].

Definition 3. An n-ary groupoid (Q, A) is called an n-ary quasigroup if on the set Q there exist
operations ${}^{(1,n+1)}A, \dots, {}^{(n,n+1)}A$ such that in the algebra
$(Q, A, {}^{(1,n+1)}A, \dots, {}^{(n,n+1)}A)$ the following identities are fulfilled for all $i \in \overline{1, n}$:

$A(x_1^{i-1}, {}^{(i,n+1)}A(x_1^n), x_{i+1}^n) = x_i$, (5)

${}^{(i,n+1)}A(x_1^{i-1}, A(x_1^n), x_{i+1}^n) = x_i$. (6)

In [29] it is proved that any n-ary quasigroup^ of order k > 7 is a special kind of composition of
binary quasigroups isotopic to a fixed quasigroup.



Definition 4. Let $(G, \cdot)$ be a groupoid and let a be a fixed element in G. Translation maps $L_a$ (left)
and $R_a$ (right) are defined by the following equalities: $L_a x = a \cdot x$, $R_a x = x \cdot a$ for all $x \in G$. For
quasigroups it is possible to define a third kind of translation, namely, middle translations. If $P_a$ is
a middle translation of a quasigroup $(Q, \cdot)$, then for all $x \in Q$ [12].

It is well known that in a quasigroup $(Q, \cdot)$ any left and right translation is a bijective map of the
set Q [iniisg.

1.3 Quasigroup based cryptosystem 

We give an encoding algorithm based on a binary quasigroup. We use [55].

A quasigroup $(Q, \cdot)$ and its (23)-parastrophe $(Q, \backslash)$ satisfy the following identities:
$x \cdot (x \backslash y) = y$, $x \backslash (x \cdot y) = y$. These are identities (3) and (4), respectively.

The authors [371 EH] propose to use this quasigroup property to construct the following stream 
cipher. 



^The author thanks Prof. P.M. Sokhatsky, who informed him about this result of M.M. Glukhov.

Algorithm 1. Let Q be a non-empty finite alphabet, k be a natural number, $u_i, v_i \in Q$, $i \in \{1, \dots, k\}$.
Define a quasigroup (Q, A). It is clear that the quasigroup $(Q, {}^{(23)}A)$ is defined in a unique way.

Take a fixed element $l$ ($l \in Q$), which is called a leader.

Let $u_1 u_2 \dots u_k$ be a k-tuple of letters from Q.

The following ciphering procedure is proposed:

$v_1 = A(l, u_1)$,

$v_i = A(v_{i-1}, u_i)$, $i = \overline{2, k}$.

Therefore we obtain the following cipher-text $v_1 v_2 \dots v_k$.

The deciphering algorithm is constructed in the following way: $u_1 = {}^{(23)}A(l, v_1)$,
$u_i = {}^{(23)}A(v_{i-1}, v_i)$, $i = \overline{2, k}$.

Indeed ${}^{(23)}A(v_{i-1}, v_i) = {}^{(23)}A(v_{i-1}, A(v_{i-1}, u_i)) = u_i$.

Notice, the equality $A = {}^{(23)}A$ is fulfilled if and only if $A(x, A(x, y)) = y$ for all $x, y \in Q$.
1.4 Modifications and generalizations 

The improvement and study of Algorithm 1 have been carried out intensively. Some information
on this process is given in [53]. We thank our colleagues A. Krapez, V. Bakeva, V. Dimitrova and
A. Popovska-Mitrovikj for the following new information.

Remark 1. In article the authors find the distribution of k-tuples of letters after n applications
of quasigroup transformation (k > n) (i.e. Algorithm 1) and give an algorithm for a statistical attack
in order to discover the original message. Also, they give some conclusions on how to protect the
original messages.

In work [34], Krapez defines parastrophic quasigroup transformation. In [6], the authors propose
a modification of this transformation and give a new classification of quasigroups of order 4. Finally,
in [17] the authors presented this transformation and gave the relationship between the new classification
and the symmetries of quasigroups.

Notice, parastrophic transformations from [SU [22] are promising for further applications and
research.

In Algorithm 1 it is also possible to use a quasigroup (Q, A) and its (13)-, (123)-, (132)-
parastrophe since the quasigroup (Q, A) and these parastrophes fulfill the following identities, namely,
identities (2), (7), and (8), respectively [55|[3i|E2].

${}^{(123)}A(A(x, y), x) = y$ (7)

${}^{(132)}A(y, A(x, y)) = x$ (8)

More details in this direction are in |3l] .

In [3H], the authors claimed that this cipher is resistant to the brute force attack (exhaustive
search) and to the statistical attack (in many languages some letters occur more frequently than
other letters). Later similar results were presented in [49].

In the dissertation of Milan Vojvoda [62] it is proved that this cipher is not resistant to chosen
ciphertext attack and chosen plaintext attack. It is claimed that this cipher is not resistant to a special
kind of statistical attack (Slovak language) [52].

^The author thanks his colleagues A. Krapez, V. Bakeva, V. Dimitrova and A. Popovska-Mitrovikj for this
information (private letter).

There exist a few other ways to generalize Algorithm 1. The most obvious way is to increase the arity
of a quasigroup, i.e. to apply n-ary (n > 3) quasigroups instead of binary ones. This way was proposed
in [Snmi] and was realized in [50]. See Algorithm 4 below. Notice that Prof. A. Petrescu writes that
he found this n-ary generalization independently.

In [19] , the authors proved that cipher based on Algorithm H] is not resistant to chosen ciphertext 
attack and chosen plaintext attack. 

Some modifications intended to make Algorithm 1 more resistant against known attacks can be
found in [311 [22]. One of these attempts, taking into consideration Vojvoda's results [52], was proposed
in [56]. Namely, instead of a binary quasigroup and its parastrophe it was proposed to use a system
of n n-ary orthogonal operations (groupoids).

Also it was proposed to use these two crypto-primitives together in one cryptographical procedure. 

1.5 A modification of Algorithm 1

Sometimes merely using another notation for a mathematical fact leads to a generalization.
We rewrite Algorithm 1 using the concept of translation in the following way:

Algorithm 2. Let Q be a non-empty finite alphabet. Define a quasigroup $(Q, \cdot)$. It is clear that the
quasigroup $(Q, \overset{(23)}{\cdot})$ is defined in a unique way.

Take a fixed element $l$ ($l \in Q$), which is called a leader.
Let $u_1 u_2 \dots u_k$ be a k-tuple of letters from Q.
The following ciphering procedure is proposed:

$v_1 = l \cdot u_1 = L_l u_1$,

$v_i = v_{i-1} \cdot u_i = L_{v_{i-1}} u_i$, $i = \overline{3, k}$.

Therefore we obtain the following cipher-text $v_1 v_2 \dots v_k$.

The deciphering algorithm is constructed in the following way. We have the following cipher-text:
$v_1 v_2 \dots v_k$. Recall $L_a^{(23)} = (L_a^{\cdot})^{-1}$ for any $a \in Q$ 13^ . Below we shall denote translation
$L_a^{(23)}$ as $L_a^{*}$, translation $L_a^{\cdot}$ as $L_a$ for any $a \in Q$. Then

$u_1 = l \overset{(23)}{\cdot} v_1 = L_l^{*}(v_1) = L_l^{*}(L_l u_1) = u_1$,

$u_i = v_{i-1} \overset{(23)}{\cdot} v_i = L_{v_{i-1}}^{*}(v_i) = L_{v_{i-1}}^{*}(L_{v_{i-1}} u_i) = u_i$, (9)

for all $i \in \overline{2, k}$.

From this form of Algorithm 1 we can easily obtain the following generalization. Instead of
translations $L_x$, $x \in Q$, we propose to use in the enciphering part of this algorithm powers of these
translations, i.e., to use permutations of the form $L_x^k$, $k \in \mathbb{Z}$, instead of permutations of the form $L_x$.

The proposed modification forces us to use permutations of the form $L_x^k$, $k \in \mathbb{Z}$, also in the
decryption procedure.

Algorithm 3. Let Q be a non-empty finite alphabet. Define a quasigroup $(Q, \cdot)$. It is clear that the
quasigroup $(Q, \overset{(23)}{\cdot})$ is defined in a unique way.

Take a fixed element $l$ ($l \in Q$), which is called a leader.

Let $u_1 u_2 \dots u_k$ be a k-tuple of letters from Q.
The following ciphering procedure is proposed:

$v_1 = L_l^{a} u_1$, $a \in \mathbb{Z}$,

$v_2 = L_{v_1}^{b} u_2$, $b \in \mathbb{Z}$,

$v_i = L_{v_{i-1}}^{c} u_i$, $i \in \overline{3, k}$, $c \in \mathbb{Z}$. (10)

Therefore we obtain the following cipher-text $v_1 v_2 \dots v_k$. The deciphering algorithm is constructed in
the following way. We use the notation of Algorithm 2. Recall $(L_x^{a})^{-1} = L_x^{-a}$ for all $x \in Q$. Then

$\dots$, $(L_{v_1}^{b})^{-1}(v_2) = (L_{v_1}^{b})^{-1}(L_{v_1}^{b} u_2) = u_2$, $\dots$, $i \in \overline{3, k}$. (11)

Notice, the elements a, b, c in equalities (10) should vary from step to step in order to protect
this algorithm against chosen plaintext and chosen ciphertext attacks. It is clear that the right and
middle [53] translations can also be used in Algorithm 3 instead of the left translations. See
below.

1.6 n-ary analogs of binary algorithms

We give an n-ary analog of Algorithm 1 [511 US].

Algorithm 4. Let Q be a non-empty finite alphabet, k be a natural number, $u_i, v_i \in Q$, $i \in \{1, \dots, k\}$.
Define an n-ary quasigroup (Q, f). It is clear that any quasigroup $(Q, {}^{(i,n+1)}f)$ for any fixed value i
is defined in a unique way. Below for simplicity we put i = n.

Take fixed elements $l_1^{(n-1)^2}$ ($l_i \in Q$), which are called leaders.

Let $u_1 u_2 \dots u_k$ be a k-tuple of letters from Q.

The following ciphering (encryption) procedure is proposed:

$v_1 = f(l_1^{n-1}, u_1)$,

$v_2 = f(l_n^{2n-2}, u_2)$,

$\dots$

$v_{n+1} = f(v_2^{n}, u_{n+1})$,

$v_{n+2} = f(v_3^{n+1}, u_{n+2})$,

$\dots$ (12)

Therefore we obtain the following cipher-text $v_1 v_2 \dots, v_{n-1}, v_n, v_{n+1}, \dots$.



The deciphering algorithm is also constructed similarly to the binary case:

$\dots$, $u_2 = {}^{(n,n+1)}f(l_n^{2n-2}, v_2)$, $\dots$ (13)

Indeed, for example, ${}^{(n,n+1)}f(v_1^{n-1}, v_n) = {}^{(n,n+1)}f(v_1^{n-1}, f(v_1^{n-1}, u_n)) = u_n$.

Remark 2. It is easy to see that in the encryption procedure (equalities (12)) and, therefore, in the
decryption procedure (equalities (13)) it is possible to use more than one fixed n-quasigroup operation f.

Below we shall denote this encryption algorithm as G(u), because on any step only one element of
a plaintext is enciphered. Probably it makes sense to use in Algorithm 4 an irreducible 3-ary or
4-ary finite quasigroup [Tl[2]. We give an example of a 3-ary irreducible quasigroup (Q, A) of
order 4 [13, p. 115].



Example 1.

Notice $A(0, 1, 2) = A_0(1, 2) = 3$, $A(2, 3, 2) = A_2(3, 2) = 3$. Moreover $A(0, 1, x) = A(2, 3, x)$ for any
$x \in Q$. Then the translations $T(0, 1, -)$ and $T(2, 3, -)$ are equal, and the pairs of leaders (0, 1) and (2, 3) are
equal from the cryptographical point of view.

Recall there exist two groups of order 4, namely the cyclic group $Z_4$ and the Klein group $Z_2 \times Z_2$. Any
binary quasigroup of order 4 is a group isotope [31 Sj.

Lemma 1. The quasigroup from Example 1 is not an isotope of a 3-ary group (Q, f) of the form
$f(x_1^3) = x_1 + x_2 + x_3$, where (Q, +) is a binary group of order 4.

Proof. If a quasigroup is an isotope of a 3-ary group (Q, f) of the form $f(x_1^3) = x_1 + x_2 + x_3$, where
(Q, +) is a binary group, then this quasigroup is reducible [13, Corollary, p. 115]. □



A translation of an n-ary quasigroup (Q, f) (n > 2) will be denoted as
$T(a_1, \dots, a_{i-1}, -, a_{i+1}, \dots, a_n)$, where $a_i \in Q$ for all $i \in \overline{1, n}$ and

$T(a_1, \dots, a_{i-1}, -, a_{i+1}, \dots, a_n)x = f(a_1, \dots, a_{i-1}, x, a_{i+1}, \dots, a_n)$

for all $x \in Q$.

From the definition of an n-ary quasigroup it follows that any translation of an n-ary quasigroup (Q, f) is a
permutation of the set Q.

Lemma 2. If ${}_{f}T(a_1, \dots, a_{n-1}, -)$ is a translation of a quasigroup (Q, f), then

${}_{f}T^{-1}(a_1, \dots, a_{n-1}, -) = {}_{{}^{(n,n+1)}f}T(a_1, \dots, a_{n-1}, -)$.

Proof. In the proof we omit the symbol f in the notation of translations of the quasigroup (Q, f). We
have

$T^{-1}(a_1, \dots, a_{n-1}, -)(T(a_1, \dots, a_{n-1}, -)x) = T^{-1}(a_1, \dots, a_{n-1}, -)f(a_1, \dots, a_{n-1}, x) = {}^{(n,n+1)}f(a_1, \dots, a_{n-1}, f(a_1, \dots, a_{n-1}, x)) = x$. (14)

□



We propose an n-ary analogue of Algorithm 3.

Algorithm 5. Let Q be a non-empty finite alphabet. Define an n-ary quasigroup (Q, f). It is clear
that the quasigroup $(Q, {}^{(n,n+1)}f)$ is defined in a unique way.

Take fixed elements $l_1^{(n-1)^2}$ ($l_i \in Q$), which are called leaders.

Let $u_1 u_2 \dots u_k$ be a k-tuple of letters from Q.

The following ciphering (encryption) procedure is proposed:

Vi = T"(/i,/2, • • .,/„_!, Ml), 
^2 = T^iln, ln+1, • • • , ^2ra-2, U2), 



(15) 



Vn-l — T^{l'n^-3n+3y • • • ; ^(n-l)(n-l) , M„_i) 
Vn = T'^iVl, . . .,Vr,-l,Un), 
Vn+1 = T^{V2, ■ ■ ■,V„,Un+l), 
Vn+2 = T*(m3, . . . , f„+i, Un+2), 



Therefore we obtain the following cipher-text $v_1 v_2 \dots v_k$.

Taking into consideration Lemma we can say that deciphering algorithm is possible, it is con- 
structed similarly with the deciphering in Algorithmic 

Remark 3. It is easy to see that in Algorithmic it is possible to use various quasigroup translations 
and to take quasigroups of various arity. 



2 Ciphers based on orthogonal n-ary groupoids 
2.1 Some definitions 

We give the classical definition of orthogonality of n-ary operations [9], [15].

Definition 5. n-ary groupoids $(Q, f_1), (Q, f_2), \dots, (Q, f_n)$ are called orthogonal, if for any fixed
n-tuple $a_1, a_2, \dots, a_n$ the following system of equations

$$\begin{cases} f_1(x_1, x_2, \dots, x_n) = a_1 \\ f_2(x_1, x_2, \dots, x_n) = a_2 \\ \dots \\ f_n(x_1, x_2, \dots, x_n) = a_n \end{cases} \qquad (16)$$

has a unique solution.

If the set Q is finite, then any system of n orthogonal n-ary groupoids $(Q, f_i)$, $i \in \overline{1, n}$, defines
a permutation of the set $Q^n$ and vice versa [HI [15] [9]. Therefore if $|Q| = q$, then there exist $(q^n)!$
systems of n-ary orthogonal groupoids defined on the set Q.

There exist various generalizations of the definition of orthogonality of n-ary operations. Recent
generalizations are in EH].

Definition 6. n-ary groupoids $(Q, f_1), (Q, f_2), \dots, (Q, f_k)$ ($2 \leq k \leq n$) given on a set Q of order
m are called orthogonal if the system of equations (16) has exactly $m^{n-k}$ solutions for any k-tuple
$a_1, a_2, \dots, a_k$, where $a_1, a_2, \dots, a_k \in Q$ (see [16]).

If k = n, then from Definition 6 we obtain the standard Definition 5. The definition of orthogonality of
binary systems has a rich and long history [20]. About the n-ary case, for example, see [27].



2.2 Construction of orthogonal n-ary groupoids 

In the following example a sufficiently convenient and general way of constructing systems of
orthogonal n-ary groupoids is given.

Example 2. Define operations $A_1(x_1, x_2, x_3)$, $A_2(x_1, x_2, x_3)$, $A_3(x_1, x_2, x_3)$ over the set M = {0, 1, 2}
in the following way. Take all 27 triplets $K = \{(R_i, S_i, T_i) \mid R_i, S_i, T_i \in M, i \in \overline{1, 27}\}$ in any fixed
order and put

$A_1(0, 0, 0) = R_1$, $A_1(0, 0, 1) = R_2$, $A_1(0, 0, 2) = R_3$, $\dots$, $A_1(2, 2, 2) = R_{27}$,
$A_2(0, 0, 0) = S_1$, $A_2(0, 0, 1) = S_2$, $A_2(0, 0, 2) = S_3$, $\dots$, $A_2(2, 2, 2) = S_{27}$,
$A_3(0, 0, 0) = T_1$, $A_3(0, 0, 1) = T_2$, $A_3(0, 0, 2) = T_3$, $\dots$, $A_3(2, 2, 2) = T_{27}$.

The operations $A_1$, $A_2$ and $A_3$ form a system of orthogonal operations. If we take these 27 triplets in
another order, then we obtain another system of orthogonal 3-ary groupoids.

This way makes it easy to construct the inverse system B of orthogonal n-ary operations to
a fixed system A of orthogonal n-ary operations. Recall that inverse system means that $B(A(x_1^n)) = x_1^n$,
$x_i \in Q$.
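The construction of Example 2 and of the inverse system, as an added Python example (not code from the paper). The function names and the use of a seeded shuffle as the "fixed order" of the triplets are assumptions made here for illustration.

```python
import itertools
import random


def tuples(Q, n):
    """All |Q|^n argument tuples in lexicographic order."""
    return list(itertools.product(Q, repeat=n))


def orthogonal_system(Q, n, seed=0):
    """Build n orthogonal n-ary groupoids on Q as in Example 2.

    The argument tuples are paired with the same tuples listed in another
    fixed order (here: a seeded shuffle, an assumption of this example).
    Returns the permutation F of Q^n and the operation tables A_1..A_n,
    where A_j(x) is the j-th coordinate of F(x).
    """
    args = tuples(Q, n)
    images = args[:]
    random.Random(seed).shuffle(images)
    F = dict(zip(args, images))
    ops = [{x: F[x][j] for x in args} for j in range(n)]
    return F, ops


def apply_system(ops, x):
    """Evaluate the whole system at x: (A_1(x), ..., A_n(x))."""
    return tuple(op[x] for op in ops)


def is_orthogonal(ops, Q):
    """Definition 5: every right-hand side (a_1..a_n) has exactly one solution.

    On a finite set this holds iff the map x -> (A_1(x), ..., A_n(x)) hits
    |Q|^n distinct values.
    """
    args = tuples(Q, len(ops))
    return len({apply_system(ops, x) for x in args}) == len(args)


def inverse_system(F, n):
    """Operation tables B_1..B_n of the inverse system: B(A(x)) = x."""
    inv = {y: x for x, y in F.items()}
    return [{y: inv[y][j] for y in inv} for j in range(n)]


if __name__ == "__main__":
    M = (0, 1, 2)
    F, A = orthogonal_system(M, 3, seed=1)
    B = inverse_system(F, 3)
    print(is_orthogonal(A, M), is_orthogonal(B, M))
    # Repeating one operation breaks orthogonality: at most 9 distinct values.
    print(is_orthogonal([A[0], A[0], A[2]], M))
```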

Example 3. [T^]. We give an example of three orthogonal ternary groupoids that are defined on the
four-element set {0, 1, 2, 3}. The multiplication table of the first groupoid (in fact, of a quasigroup) is given
in Example 1. Below we give multiplication tables of the other two 3-ary groupoids.

From the formula $(q^n)!$ it follows that there exist $(4^3)! = 64!$ orthogonal systems of 3-ary groupoids over
a set of order 4.

2.3 Ciphers on base of orthogonal systems of n-ary operation 

Here we propose to use a system of orthogonal n-ary groupoids as an additional procedure in order to
construct an almost-stream cipher [56].

Orthogonal systems of n-ary quasigroups were studied in [511 EHl ES]. Such systems have a more
uniform distribution of elements of the base set and therefore may be preferable for
protection against statistical cryptanalytic attacks.

Algorithm 6. /iP/. Let A be a non-empty finite alphabet, k be a natural number, $x_1^t$ be a plaintext.
Take a system of n n-ary orthogonal operations $(A, f_i)$, i = 1, 2, ..., n. This system defines a
permutation F of the set $A^n$. We propose the following enciphering procedure.

• Step 1: $y_1^n = F^{l}(x_1^n)$, where l > 1, l is a natural number, and l varies from one enciphering round
to another. If t < n, then we can add some "neutral" symbols to the plaintext.

• On the Steps > 2 it is possible to use Feistel schema \4^ - For example, we can do 
the following enciphering procedure = F^{y2,y3, . . . ,yn,Xn+i), if arity n > 2, or = 
F^'iVs, 1/4, • • • , Vn, Xn+i,Xn+2), ifn>3. And so on. 

The deciphering algorithm is based on the fact that an orthogonal system of n n-ary operations (16) has
a unique solution for any tuple of elements $a_1, \dots, a_n$.

Algorithm 6 is sufficiently safe relative to chosen ciphertext and plaintext attacks since the key is
a non-periodic sequence of applications of the permutation F, i.e. a sequence of powers of the permutation F.
Therefore any permutation of the group $\langle F \rangle$ can be used for ciphering information using Algorithm 6.

Recall that the application of only one step of Algorithm 6 is not very safe since this procedure is not
resistant to chosen ciphertext attack and chosen plaintext attack.

3 Combined algorithms 

3.1 Modifications of Algorithm 6

In our opinion some modifications of this algorithm are desirable. Following "vector ideas" we
propose as the first step to write any letter $u_i$ of a plaintext as an n-tuple (n-vector) and after that to
apply Algorithm 6. For example it is possible to use a binary representation of characters of the
alphabet A.

It is possible to divide the plaintext $m_1, \dots, m_n$ into parts and to apply Algorithm 6 to some parts, or to a
text a part of which has been ciphered by Algorithm 6 in a previous ciphering round.

It is possible to replace in Algorithm 6 the variables $x_1, \dots, x_k$ ($1 \leq k \leq (n - 1)$) by some fixed
elements of the set Q and to call these elements leaders. Notice, if k = n − 1, then we obtain n
ciphering images from any plaintext letter u.

If in a system of orthogonal n-ary operations there is at least one n-ary quasigroup, then we can 
apply by ciphering of information Algorithm H] and Algorithm [6] together with some non-periodical 
frequency, i.e., for example, we can apply four times Algorithm H] and after this we can apply five 
times Algorithm |6] and so on. 

It is possible to use as a period sequence decimal representation of an irrational or transcendent 
number. In this case we can take as a key the sequence of application of Algorithm H] and Algorithm 

El 

The proposed modifications make chosen plaintext and chosen ciphertext attacks
more complicated to carry out.

Taking into consideration that in binary case one application of Algorithm El generates from 
one plaintext symbol u two cipher symbols, say Vi,V2, we may propose to apply Algorithm El for 
two plaintext symbols (or to one cipher symbol and one plain symbol, else to two cipher symbols) 
simultaneously. 

We propose to use Algorithm jH and Algorithm El simultaneously. 
Algorithm 7. Suppose that we have a plaintext x\, t > n. 

1. Divide plaintext on n-tuples. 

2. We apply to any n-tuple of plaintext n-ary permutation F\x'^) = y^. 

3. To n-tuple y^ we apply Algorithm^ (its binary or k-ary variant) G{yi) = z^. Probably it will 
be better, if k < n. 

4- We apply to n-tuple n-ary permutation = t". 

Deciphering algorithm is clear. 

Below we denote the action of the left (right, middle) translation in the power a of a binary 
quasigroup {Q,gi) on the element ui by the symbol g^T^^{ui). And so on. 

Algorithm 8. Enciphering. Initially we have plaintext Ui,U2, ■ ■ ■ ,Uq. 



Step 1. 






= Vl 




= V2 






step 2. 




.3^4(^3) 


= V3 


34^4(^4) 


= Vi 






Step 3. 






= V5 




= V6 







(17)

And so on. We obtain ciphertext $v'_1, v'_2, \dots, v'_6$.

Deciphering. Initially we have ciphertext $v'_1, v'_2, \dots, v'_6$.

Step 1. 

Fr{v[,v'2) = {v,,V2) 

92Tl~\v2) = U2 

Step 2. 
Step 3. 



We obtain plaintext $u_1, u_2, \dots, u_6$.
It is clear that Algorithm 3 is a particular case of Algorithm 8.

As in Algorithm 3, in Algorithm 8 the elements a, b, c, ..., h should vary in order to protect
this algorithm against chosen plaintext and chosen ciphertext attacks.

Algorithm 8 allows us to obtain an almost "natural" stream cipher, i.e. a stream cipher that encodes a
pair of elements of a plaintext on any step. It is easy to see that Algorithm 8 can be generalized to the
n-ary (n > 3) case. One of the possible generalizations is realized in Algorithm 10.

Additional research is necessary for the modifications proposed in this subsection.

3.2 Stream cipher on base of orthogonal system of binary parastrophic 
quasigroups 

This subsection is more of algebraic than cryptographical character. For the construction of Algo- 
rithms m and [6] we propose the use of orthogonal systems of binary parastrophic quasigroups. 

We start from the following theorem 07]. Here expression Al.^'^^^A means that quasigroups {Q, A) 
and {Q, ^"^^^A) are orthogonal. 

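Theorem 1. For a finite quasigroup (Q, A) the following equivalences are fulfilled:
(i) $A \perp {}^{(12)}A \iff ((x \backslash z) \cdot x = (y \backslash z) \cdot y \Rightarrow x = y)$;
(ii) $A \perp {}^{(13)}A \iff (zx \cdot x = zy \cdot y \Rightarrow x = y)$;
(iii) $A \perp {}^{(23)}A \iff (x \cdot xz = y \cdot yz \Rightarrow x = y)$;
(iv) $A \perp {}^{(123)}A \iff (x \cdot zx = y \cdot zy \Rightarrow x = y)$;
(v) $A \perp {}^{(132)}A \iff (xz \cdot x = yz \cdot y \Rightarrow x = y)$
for all $x, y, z \in Q$.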

In order to construct the quasigroups mentioned in Theorem 1 a computer search is probably preferable.
It is possible to use GAP and Prover [42].

Definition 7. A T-quasigroup (Q, A) is a quasigroup of the form $A(x, y) = \varphi x + \psi y + c$, where
(Q, +) is an abelian group, $\varphi$, $\psi$ are some fixed automorphisms of this group, and c is a fixed element of
the set Q.

If $(Q, \cdot)$ is a T-quasigroup of the form $x \cdot y = \varphi x + \psi y + c$, then its parastrophes have the following
forms, respectively:

$x \overset{(12)}{\cdot} y = \psi x + \varphi y + c$,

$x \overset{(13)}{\cdot} y = \varphi^{-1}x - \varphi^{-1}\psi y - \varphi^{-1}c$,

$x \overset{(23)}{\cdot} y = -\psi^{-1}\varphi x + \psi^{-1}y - \psi^{-1}c$,

$x \overset{(123)}{\cdot} y = -\varphi^{-1}\psi x + \varphi^{-1}y - \varphi^{-1}c$,

$x \overset{(132)}{\cdot} y = \psi^{-1}x - \psi^{-1}\varphi y - \psi^{-1}c$. (19)

See, for example, [17].

In order to construct a quasigroup (Q, A) that is orthogonal to its parastrophe in a more
theoretical way it is possible to use the following theorem [17].

Theorem 2. For a T-quasigroup (Q, A) of the form $A(x, y) = \varphi x + \psi y + c$ over an abelian group
(Q, +) the following equivalences are fulfilled:

(i) $A \perp {}^{(12)}A \iff (\varphi - \psi), (\varphi + \psi)$ are permutations of the set Q;
(ii) $A \perp {}^{(13)}A \iff (\varepsilon + \varphi)$ is a permutation of the set Q;
(iii) $A \perp {}^{(23)}A \iff (\varepsilon + \psi)$ is a permutation of the set Q;
(iv) $A \perp {}^{(123)}A \iff (\varphi + \psi^2)$ is a permutation of the set Q;
(v) $A \perp {}^{(132)}A \iff (\varphi^2 + \psi)$ is a permutation of the set Q.

Corollary 1. A T-quasigroup $(Z_p, \circ)$ of the form $x \circ y = k \cdot x + m \cdot y + c$, where $(Z_p, +)$ is the cyclic
group of a prime order p, $k, m, c \in Z_p$; $k, m, k + m, k - m, k + 1, m + 1, k^2 + m, k + m^2 \not\equiv 0 \pmod{p}$,
where the operation $\cdot$ is multiplication modulo p, is orthogonal to any of its parastrophes.

Quasigroups from Corollary 1 are suitable objects to construct the above mentioned Algorithms
(binary case).

The following table contains connections between different kinds of translations in different
parastrophes of a binary quasigroup $(Q, \cdot)$ ^31 155] .

Table 1.

          ε         (12)      (13)      (23)      (123)     (132)
R         R         L         R^{-1}    P         P^{-1}    L^{-1}
L         L         R         P^{-1}    L^{-1}    R^{-1}    P
P         P         P^{-1}    L^{-1}    R         L         R^{-1}
R^{-1}    R^{-1}    L^{-1}    R         P^{-1}    P         L
L^{-1}    L^{-1}    R^{-1}    P         L         R         P^{-1}
P^{-1}    P^{-1}    P         L         R^{-1}    L^{-1}    R


From Table 1 it follows, for example, that $R^{(13)} = R^{-1}$.

3.3 T-quasigroup based stream code

We give a numerical example of encryption Algorithm 8 based on T-quasigroups. Notice the number
257 is prime.

Example 4. Take the cyclic group $(Z_{257}, +) = (A, +)$.

1. Define the T-quasigroup $(A, *)$ of the form $x * y = 2 \cdot x + 131 \cdot y + 3$ with a leader element $l_1$,
say, $l_1 = 17$. Denote the mapping $x \mapsto x * l_1$ by the letter $R_{l_1}$, i.e. $R_{l_1}(x) = x * l_1$ for all $x \in A$.

In order to find the mapping $R_{l_1}^{-1}$, taking into consideration Table 1, we find the form of the operation
$\overset{(13)}{*}$ using formula (19). We have $x \overset{(13)}{*} y = 129 \cdot x + 63 \cdot y + 127$,
$R_{l_1}^{-1} x = x \overset{(13)}{*} l_1 = R_{l_1}^{(13)} x$.

In some sense the quasigroup $(A, \overset{(13)}{*})$ is the "right inverse quasigroup" to the quasigroup $(A, *)$. From
identity (8) it follows that the quasigroup $(A, \overset{(132)}{*})$ is the "left inverse" quasigroup to the quasigroup
$(A, *)$. Notice that from Corollary 1 it follows that $(A, *) \perp (A, \overset{(13)}{*})$.

2. Define the T-quasigroup $(A, \circ)$ of the form $x \circ y = 10 \cdot x + 81 \cdot y + 53$ with a leader element $l_2$,
say, $l_2 = 71$. Denote the mapping $x \mapsto l_2 \circ x$ by the letter $L_{l_2}$, i.e. $L_{l_2}(x) = l_2 \circ x$ for all $x \in A$.

In order to find the mapping $L_{l_2}^{-1}$ we use Table 1 and find the form of the operation $\overset{(23)}{\circ}$ by formula
(19). We have $x \overset{(23)}{\circ} y = 149 \cdot x + 165 \cdot y + 250$.

3. Define a system of two parastroph orthogonal T-quasigroups $(A, \cdot)$ and $(A, \overset{(23)}{\cdot})$ in the following
way:

$x \cdot y = 3 \cdot x + 5 \cdot y + 6$
$x \overset{(23)}{\cdot} y = 205 \cdot x + 103 \cdot y + 153$

Denote the quasigroup system $(A, \cdot, \overset{(23)}{\cdot})$ by $F(x, y)$, since this system is a function of two variables.
In order to find the mapping $F^{-1}(x, y)$ we solve the system of linear equations

$3 \cdot x + 5 \cdot y + 6 = a$
$205 \cdot x + 103 \cdot y + 153 = b$

We have $\Delta = 55$, $1/\Delta = 243$, $x = 100 \cdot a + 70 \cdot b + 255$, $y = 43 \cdot a + 215 \cdot b$. Therefore we have,
if $F(x, y) = (a, b)$, then $F^{-1}(a, b) = (100 \cdot a + 70 \cdot b + 255, 43 \cdot a + 215 \cdot b)$, i.e.

$x = 100 \cdot a + 70 \cdot b + 255$
$y = 43 \cdot a + 215 \cdot b$

We have defined the mappings $g_1 = R_{l_1}$, $g_2 = L_{l_2}$, F and now we can use them in Algorithm 8.
Let 212; 17; 65; 117 be a plaintext. We take the following values in formula (17): a = b = d =
e = f = 1; c = 2. Below we use Gothic font to distinguish leader elements, i.e. 17, 71 are leader
elements. Then

Step 1.

$g_1(212) = 212 * 17 = 2 \cdot 212 + 131 \cdot 17 + 3 = 84$
$g_2(17) = 71 \circ 17 = 10 \cdot 71 + 81 \cdot 17 + 53 = 84$
$F(84; 84) = (3 \cdot 84 + 5 \cdot 84 + 6; 205 \cdot 84 + 103 \cdot 84 + 153) = (164; 68)$
$F(164; 68) = (3 \cdot 164 + 5 \cdot 68 + 6; 205 \cdot 164 + 103 \cdot 68 + 153) = (67; 171)$

Step 2.

$g_1(65) = 65 * 67 = 2 \cdot 65 + 131 \cdot 67 + 3 = 172$
$g_2(117) = 171 \circ 117 = 10 \cdot 171 + 81 \cdot 117 + 53 = 189$
$F(172; 189) = (3 \cdot 172 + 5 \cdot 189 + 6; 205 \cdot 172 + 103 \cdot 189 + 153) = (182; 139)$

We obtain the following ciphertext 67; 171; 182; 139.

For deciphering we use formula (18).

Step 1.

$F^{-1}(67; 171) = (100 \cdot 67 + 70 \cdot 171 + 255, 43 \cdot 67 + 215 \cdot 171) = (164; 68)$
$F^{-1}(164; 68) = (100 \cdot 164 + 70 \cdot 68 + 255, 43 \cdot 164 + 215 \cdot 68) = (84; 84)$
$g_1^{-1}(84) = 84 \overset{(13)}{*} 17 = 129 \cdot 84 + 63 \cdot 17 + 127 = 212$
$g_2^{-1}(84) = 71 \overset{(23)}{\circ} 84 = 149 \cdot 71 + 165 \cdot 84 + 250 = 17$

Step 2.

$F^{-1}(182; 139) = (100 \cdot 182 + 70 \cdot 139 + 255, 43 \cdot 182 + 215 \cdot 139) = (172; 189)$
$g_1^{-1}(172) = 172 \overset{(13)}{*} 67 = 129 \cdot 172 + 63 \cdot 67 + 127 = 65$
$g_2^{-1}(189) = 171 \overset{(23)}{\circ} 189 = 149 \cdot 171 + 165 \cdot 189 + 250 = 117$

A small program was developed using a freeware version of the Pascal programming language. First
small experiments demonstrate that encoding and decoding are executed sufficiently fast.
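The computation of Example 4, as an added Python example (it is not the Pascal program mentioned above and not the author's code). The names `TQuasigroup`, `make_F`, `encrypt`, `decrypt` and `SCHEDULE` are hypothetical, the exponents are assumed to be non-negative integers, and the leader of each later step is taken to be the previous ciphertext pair, as in the worked steps of Example 4.

```python
P = 257  # prime modulus of Example 4


class TQuasigroup:
    """T-quasigroup x * y = phi*x + psi*y + c over the cyclic group (Z_P, +)."""

    def __init__(self, phi, psi, c):
        self.phi, self.psi, self.c = phi % P, psi % P, c % P
        if self.phi == 0 or self.psi == 0:
            raise ValueError("phi and psi must be invertible mod P")

    def op(self, x, y):
        return (self.phi * x + self.psi * y + self.c) % P

    def coeffs(self):
        return self.phi, self.psi, self.c

    def parastrophe_13(self):
        # Formula (19): phi^-1 x - phi^-1 psi y - phi^-1 c
        i = pow(self.phi, -1, P)
        return TQuasigroup(i, -i * self.psi, -i * self.c)

    def parastrophe_23(self):
        # Formula (19): -psi^-1 phi x + psi^-1 y - psi^-1 c
        i = pow(self.psi, -1, P)
        return TQuasigroup(-i * self.phi, i, -i * self.c)


def make_F(q):
    """Return (F, F_inv) for the pair (q, its (23)-parastrophe)."""
    q23 = q.parastrophe_23()
    det = (q.phi * q23.psi - q.psi * q23.phi) % P
    if det == 0:  # the two operations are not orthogonal
        raise ValueError("quasigroup is not orthogonal to its (23)-parastrophe")
    d = pow(det, -1, P)

    def F(x, y):
        return q.op(x, y), q23.op(x, y)

    def F_inv(a, b):
        a0, b0 = a - q.c, b - q23.c  # Cramer's rule on the linear system
        return (d * (q23.psi * a0 - q.psi * b0) % P,
                d * (q.phi * b0 - q23.phi * a0) % P)

    return F, F_inv


def _pairs(seq, schedule):
    if len(seq) % 2 or len(seq) // 2 != len(schedule):
        raise ValueError("need one exponent triple per pair of symbols")
    return zip(zip(seq[0::2], seq[1::2]), schedule)


def encrypt(plain, g1, g2, l1, l2, F, schedule):
    out = []
    for (x, y), (a, b, c) in _pairs(plain, schedule):
        for _ in range(a):
            x = g1.op(x, l1)      # right translation R_{l1}
        for _ in range(b):
            y = g2.op(l2, y)      # left translation L_{l2}
        for _ in range(c):
            x, y = F(x, y)
        out += [x, y]
        l1, l2 = x, y             # ciphertext pair = leaders of the next step
    return out


def decrypt(cipher, g1, g2, l1, l2, F_inv, schedule):
    g1_inv, g2_inv = g1.parastrophe_13(), g2.parastrophe_23()
    out = []
    for (w1, w2), (a, b, c) in _pairs(cipher, schedule):
        x, y = w1, w2
        for _ in range(c):
            x, y = F_inv(x, y)
        for _ in range(a):
            x = g1_inv.op(x, l1)  # R^{-1} is R in the (13)-parastrophe (Table 1)
        for _ in range(b):
            y = g2_inv.op(l2, y)  # L^{-1} is L in the (23)-parastrophe (Table 1)
        out += [x, y]
        l1, l2 = w1, w2
    return out


G1 = TQuasigroup(2, 131, 3)     # (A, *), leader 17
G2 = TQuasigroup(10, 81, 53)    # (A, o), leader 71
F, F_INV = make_F(TQuasigroup(3, 5, 6))
SCHEDULE = [(1, 1, 2), (1, 1, 1)]  # (a, b, c) and (d, e, f) of Example 4

if __name__ == "__main__":
    ct = encrypt([212, 17, 65, 117], G1, G2, 17, 71, F, SCHEDULE)
    print(ct, decrypt(ct, G1, G2, 17, 71, F_INV, SCHEDULE))
```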

Remark 4. Proper binary groupoids are preferable to linear quasigroups for the construction of
the mapping F(x, y) in order to make encryption safer, but in this case decryption may be slower
than in the linear quasigroup case and the definition of these groupoids needs more computer (or some other
device) memory. The same remark is true for the choice of the function g. Maybe a golden mean in
this choice problem is to use linear quasigroups over non-abelian, especially simple, groups.

Remark 5. In this cipher there exists a possibility of protection against the standard statistical attack.
For this purpose it is possible to denote more frequently used letters or pairs of letters by more than one
integer or by more than one pair of integers.



3.4 Some generalization of functions of Algorithm [8] 

We give a method for the construction of functions that can be used in cryptographical
procedures. Suppose that all functions are defined on a set Q. Functions $F(x_1^n)$ and $g(x_1^n)$ are
functions of n variables.

Function F (n orthogonal groupoids, a permutation of the set $Q^n$) has an inverse function of n
variables $F^{-1}(x_1^n)$ such that $F(F^{-1}(x_1^n)) = F^{-1}(F(x_1^n)) = x_1^n$.

We recall that if g is an n-ary quasigroup operation, then, in general, we cannot decode the values x, y
from, for example, the equality $g(a_1^{n-2}, x, y) = b$, but we can easily solve the equation $g(a_1^{n-1}, x) = b$ in one
variable, i.e. we can decode the value of the variable x.

Taking this quasigroup feature into consideration, we describe the set (clone) of functions that
can be used in cryptology on the basis of these two kinds of functions, namely, functions F and
g. We shall use the concept of term [63] to define cryptographical terms (cryptographical functions)
inductively.

The author thanks D.I. Pushkashu and A.V. Shcherbacov for their help in writing this program.

Cryptographical function (cryptographical term) below in Case 3 means that encoding and
decoding of a text using this function (this term) is performed uniquely.

Algorithm 9. 1. Any individual constant is a cryptographical term.

2. Any individual variable is a cryptographical term.

3. (a) If g is an n-ary quasigroup functional constant ($(Q, g)$ is an n-ary quasigroup), t is
a term, and $b_1^n$ are individual constants, then $g^{\alpha}(b_1^{i-1}, t, b_{i+1}^{n})$, $i \in \overline{1, n}$, where $\alpha \in \mathbb{Z}$, is a
cryptographical term.

(b) If F is a permutation of a set which is constructed using n orthogonal n-ary groupoids
and $t_1, t_2, \ldots, t_n$ are quasigroup cryptographical terms, then $F^{\alpha}(t_1, \ldots, t_n)$, where $\alpha \in \mathbb{Z}$,
is a cryptographical term.

Example 5. Let $Q = B \times B$ be a non-empty set, F be a pair of orthogonal groupoids each of which
is defined on the set B, and $(Q, g)$ be a ternary quasigroup. Then $g(q_1, q_2, F)$, where $q_1, q_2$ are fixed
elements of Q, is a cryptographical term constructed following Rule 3 (a) of Algorithm 9.

In Example m cryptographical term $F^{\alpha}(g_1, g_2)$ is constructed following Rule 3 (b) of Algorithm
9. Indeed, the function F is a pair of parastrophic orthogonal T-quasigroups that are defined on the
set $Z_{257}$, i.e. F is a permutation of the set $Z_{257} \times Z_{257}$; $(Z_{257}, g_1)$, $(Z_{257}, g_2)$ are binary T-quasigroups,
and $\alpha = 1; 2$.

Algorithm 10. Suppose that we have n-ary permutation F , n procedures Gj (they may be of various 
arity and it is supposed that leader elements are used) and plaintext x\. 

By the letter y with an index we denote an element of enciphered text or a leader element. We 
propose the following enciphering procedure. 

The i-th step of this procedure can have the following form 

,F\G,iyT,x,),...,GM,^^))=^yl (20) 

Deciphering algorithm is executed "from the top to the bottom" in general and "from the bottom to 
the top" on any step. See more details in Algorithmic 

3.5 On quasigroup based cryptcode 

Using the possibilities that Algorithms [3 and (TU] give us, we give an example of a quasigroup-based hybrid
of a code and a cipher. Following Markovski, Gligoroski, and Kocarev [lOl ES], we call such a hybrid
a cryptcode.

We shall use the Klein group $Z_2 \oplus Z_2$, its automorphism group and the system of three ternary
orthogonal groupoids (Example [3]).

Denote elements of the group $Z_2 \oplus Z_2$ as follows: {(0; 0), (1; 0), (0; 1), (1; 1)}. The group $Aut(Z_2 \oplus Z_2)$
consists of the following automorphisms:

(0 i)'(i i)'(o i)'(i o)'(i o)'(i 1) 

The hybrid idea is sufficiently well known. For example, see [511 page 2], [5H1 page 65].

Denote these automorphisms by the letters $\varepsilon, \varphi_2, \varphi_3, \varphi_4, \varphi_5, \varphi_6$, respectively.

Notice $\varphi_2^2 = \varphi_3^2 = \varphi_4^2 = \varepsilon$, $\varphi_5^2 = \varphi_6$, $\varphi_6^2 = \varphi_5$. It is known that $Aut(Z_2 \oplus Z_2) = S_3$ [8T|[82].
For convenience we give Cayley table of the group $Aut(Z_2 \oplus Z_2)$.





[Cayley table of the group $Aut(Z_2 \oplus Z_2)$ with rows and columns $\varepsilon, \varphi_2, \varphi_3, \varphi_4, \varphi_5, \varphi_6$]



Information on codes is in [17]. We shall use a code that is given in [46, Example 19]. Suppose
that the symbols x, y are informational symbols and the symbol z is a check symbol. Remember,
$x, y, z \in Z_2 \oplus Z_2$. We propose the following check equation $x + \varphi_5 y + \varphi_6 z = (0; 0)$, i.e., we propose
the following formula to find the element z:

$$z = \varphi_5 x + \varphi_6 y \tag{21}$$

Recall, statistical investigations of J. Verhoeff [61] and D.F. Beckley have shown that the most
frequent errors made by human operators during transmission of data are single errors (i.e. errors
in exactly one component), adjacent transpositions (in other words errors made by interchanging
adjacent digits, i.e. errors of the form $ab \to ba$), and insertion or deletion errors. We note, if all
codewords are of equal length, insertion and deletion errors can be detected easily.
The proposed code detects any single, transposition, and twin ($aa \to bb$) errors [16].

Further we construct three T-quasigroups over the group $Z_2 \oplus Z_2$:

$(Z_2 \oplus Z_2, D)$ with the form $D(x, y) = \varphi_3 x + \varphi_6 y + a_1$;

$(Z_2 \oplus Z_2, E)$ with the form $E(x, y) = \varphi_2 x + \varphi_5 y + a_2$;

$(Z_2 \oplus Z_2, F)$ with the form $F(x, y) = \varphi_3 x + \varphi_5 y + a_3$.

We use the following

Theorem 3. A T-quasigroup $(Q, \cdot)$ of the form $x \cdot y = \alpha x + \beta y + c$ and a T-quasigroup $(Q, \circ)$ of the
form $x \circ y = \gamma x + \delta y + d$, both over a group $(Q, +)$, are orthogonal if and only if the map $\alpha^{-1}\beta - \gamma^{-1}\delta$
is an automorphism of the group $(Q, +)$ J^7| /.

Lemma 3. The quasigroups $(Z_2 \oplus Z_2, D)$, $(Z_2 \oplus Z_2, E)$, and $(Z_2 \oplus Z_2, F)$ are orthogonal in pairs.

Proof. We can use Theorem [3] and Cayley table of the group $Aut(Z_2 \oplus Z_2)$. □

Define three ternary operations in the following way: $K_1(D(x, y), z) = D(x, y) + z$, $K_2(E(x, y), z) =
E(x, y) + z$, $K_3(F(x, y), z) = F(x, y) + z$.

Lemma 4. The triple of ternary operations $K_1(x, y, z), K_2(x, y, z), K_3(x, y, z)$ forms an orthogonal
system of operations.

Proof. We solve the following system of equations

$$\begin{cases} \varphi_3 x + \varphi_6 y + a_1 + z = b_1 \\ \varphi_2 x + \varphi_5 y + a_2 + z = b_2 \\ \varphi_3 x + \varphi_5 y + a_3 + z = b_3 \end{cases} \tag{22}$$

where $b_1, b_2, b_3$ are fixed elements of the set $Z_2 \oplus Z_2$.

We use properties of the groups $(Z_2 \oplus Z_2)$ and $Aut(Z_2 \oplus Z_2)$.

$$\begin{cases} \varphi_3 x + \varphi_6 y + z = b_1 + a_1 \\ \varphi_2 x + \varphi_5 y + z = b_2 + a_2 \\ \varphi_3 x + \varphi_5 y + z = b_3 + a_3 \end{cases} \tag{23}$$

We make the following transformations of the system (23): (first row + third row) $\to$ first
row; (second row + third row) $\to$ second row; and obtain the following system:

$$\begin{cases} y = b_1 + a_1 + b_3 + a_3 \\ x = \varphi_4(b_2 + a_2 + b_3 + a_3) \\ \varphi_3 x + \varphi_5 y + z = b_3 + a_3 \end{cases} \tag{24}$$

If in the third equation of this system we replace x by $\varphi_4(b_2 + a_2 + b_3 + a_3)$ and y by
$b_1 + a_1 + b_3 + a_3$, then we obtain

$$\begin{cases} x = \varphi_4(b_2 + a_2 + b_3 + a_3) \\ y = b_1 + a_1 + b_3 + a_3 \\ z = b_3 + a_3 + \varphi_5(b_1 + a_1 + b_2 + a_2) \end{cases} \tag{25}$$

Therefore the system (22) has a unique solution for any fixed elements $b_1, b_2, b_3 \in (Z_2 \oplus Z_2)$,
and the operations $K_1(x, y, z), K_2(x, y, z), K_3(x, y, z)$ are orthogonal. □

The triple of orthogonal operations $K_1(x, y, z), K_2(x, y, z), K_3(x, y, z)$ defines on the set a
permutation. Denote this permutation by the letter K.
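Because $Z_2 \oplus Z_2$ has only four elements, the error-detection claim for formula (21) and the statement of Lemma 4 can be confirmed by exhaustive search. The Python sketch below is an added example, not code from the paper. It assumes concrete 2×2 matrices over GF(2) for $\varphi_2, \ldots, \varphi_6$, chosen to satisfy $\varphi_2^2 = \varphi_3^2 = \varphi_4^2 = \varepsilon$ and $\varphi_5^2 = \varphi_6$, and it assumes the coefficients of system (22) are $(\varphi_3, \varphi_6)$, $(\varphi_2, \varphi_5)$, $(\varphi_3, \varphi_5)$.

```python
from itertools import product

Q = range(4)  # (a; b) in Z2+Z2 is coded as a + 2b, so group addition is XOR

def aut(rows):
    """Automorphism v -> M v for a 2x2 matrix M over GF(2)."""
    (p, q), (r, s) = rows
    def f(v):
        a, b = v & 1, v >> 1
        return (p * a + q * b) % 2 + 2 * ((r * a + s * b) % 2)
    return f

# Assumed matrices: phi2, phi3, phi4 are the involutions, phi5^2 = phi6.
PHI = {2: aut(((1, 0), (1, 1))), 3: aut(((1, 1), (0, 1))), 4: aut(((0, 1), (1, 0))),
       5: aut(((1, 1), (1, 0))), 6: aut(((0, 1), (1, 1)))}

def check(x, y):        # formula (21): z = phi5 x + phi6 y
    return PHI[5](x) ^ PHI[6](y)

def K(t, a):            # left-hand sides of system (22)
    x, y, z = t
    return (PHI[3](x) ^ PHI[6](y) ^ a[0] ^ z,
            PHI[2](x) ^ PHI[5](y) ^ a[1] ^ z,
            PHI[3](x) ^ PHI[5](y) ^ a[2] ^ z)

def K_inv(b, a):        # closed-form solution (25)
    b1, b2, b3 = (bi ^ ai for bi, ai in zip(b, a))
    return PHI[4](b2 ^ b3), b1 ^ b3, b3 ^ PHI[5](b1 ^ b2)

def undetected_errors():
    """Count single, adjacent-transposition and twin errors that pass the check."""
    missed = 0
    for x, y in product(Q, Q):
        w = [x, y, check(x, y)]
        bad = [w[:i] + [e] + w[i + 1:] for i in range(3) for e in Q if e != w[i]]
        for i in (0, 1):
            if w[i] != w[i + 1]:    # transposition ab -> ba
                bad.append(w[:i] + [w[i + 1], w[i]] + w[i + 2:])
            else:                   # twin error aa -> bb
                bad += [w[:i] + [e, e] + w[i + 2:] for e in Q if e != w[i]]
        missed += sum(v[2] == check(v[0], v[1]) for v in bad)
    return missed

def K_is_permutation(a):
    return len({K(t, a) for t in product(Q, repeat=3)}) == 64
```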

We shall use the system of three ternary orthogonal groupoids $(Q, A)$, $(Q, B)$, $(Q, C)$ of order
4 from Example [3]. See also [19]. Denote the permutation that defines this system of three ternary
orthogonal groupoids by the letter M.

In order to use the system of orthogonal groupoids and the system of orthogonal T-quasigroups
simultaneously we redefine the basic set of the T-quasigroups in the following (non-unique) way:
$(0; 0) \to 0$, $(1; 0) \to 1$, $(0; 1) \to 2$, $(1; 1) \to 3$.

We propose the following cryptographical term (a cryptographical primitive):

$$H(x, y, z) = M^{l}(K^{k}(x, y, z)), \quad k, l \in \mathbb{Z}$$

Transformation H is a permutation of the set $Q^3$. Indeed, this transformation is a composition
of two permutations: $K^k$ and $M^l$.
Therefore we propose the following

Algorithm 11. 1. Take a pair of information symbols $a, b \in (Z_2 \oplus Z_2)$;

2. by formula (21) find the value of the check symbol c;

3. apply cryptographical term H to the triple $(a, b, c)$;

4. take a pair of information symbols $d, e \in (Z_2 \oplus Z_2)$;

5. by formula (21) find the value of the check symbol f;

6. change the values of the numbers k, l in the cryptographical term H; it is also possible to replace
the term H by some other term of this or another type;

7. apply cryptographical term H to the triple $(d, e, f)$;

8. and so on.

The procedure of decoding in Algorithm 11 is clear.

Recall, the number $N(n)$ of mutually (in pairs) orthogonal Latin squares of order n fulfills the
following inequality $N(n) \le (n - 1)$ [35]. Then for n = 4 we have $N(4) \le 3$. Therefore, for real
applications an analog of Algorithm 11 should be constructed over a set of order more than 4 and,
probably, with a more powerful code [7].

3.6 A comparison of the "power" of proposed algorithms 

We shall compare how many permutations, and of what length, can be generated and used during
the work of some of the above-mentioned algorithms.

Algorithm[TJ If we use only one quasigroup $(Q, \cdot)$, $|Q| = n$, then by encoding we can obtain
not more than n permutations of the group $S_n$.

Algorithm [3l If we use only one quasigroup $(Q, \cdot)$, $|Q| = n$, then by encoding we use
the set S = (Lai) of permutations, which is a subset of the left multiplication group LM of the
quasigroup $(Q, \cdot)$. We recall $LM(Q, \cdot) = \langle L_x \mid x \in Q \rangle$ [IHl [521 [53].

It is possible to construct a quasigroup $(Q, \cdot)$ such that $LM(Q, \cdot) = S_Q$. Notice, it is proved [21]
that there exist quasigroups with the property $LM(Q, \cdot) = A_Q$, where $A_Q$ is the alternating group
defined on the set Q [32l[HT].

Therefore by encoding using Algorithm [3] we can obtain not more than $|S_n| = n!$ permutations.

Situation with Algorithm [His similar to the situation with Algorithm [T] Since by encoding
translations of an m-ary quasigroup $(Q, f)$ are used, we can obtain not more than $|S_n| = n!$ permutations.
The properties of the multiplication group (more exactly, multiplication groups) of n-ary quasigroups
are not well researched.

Information on the multiplication groups of linear n-ary quasigroups is in [36]. These quasigroups
are used in [511 [50] in the construction of some ciphers (see above).

Algorithm [5] is a synthesis of Algorithms [3] and [H Here by the symbol Tj we denote translations 
of an n-ary quasigroup (Q, /). It is clear that the order of the set 5* = U (T^) can be large but cannot 
be more than $|S_n| = n!$.

In Algorithm [6] elements of the cyclic group $\langle F \rangle \subset S_{n^m}$, where $|Q| = n$, m is the arity of orthogonal
groupoids, can appear. In the above-mentioned inclusion there cannot be equality even theoretically, since
the minimal number of generators of the symmetric group is equal to two [32l [3T].

It is well known that a cycle of order n and a cycle of order two generate the symmetric group
$S_n$ [221 [31].

The group $S_{n^m}$ is an upper bound of the sets of permutations that can be generated during the
work of Algorithms [3, [TOl For Algorithm [8] the group $S_{n^2}$ is such an upper bound. It is clear that in
Algorithm [8] any permutation of the group $S_{n^2}$ may be realized by the encryption. But it is also clear
that this is not necessary from the cryptographical point of view.

The possible number of permutations generated during the work of the algorithm from Example
[His bounded by the number $(257^2)! = 66049!$ and during the work of Algorithm 11 is bounded by
the number $(64)!$.